If you think I got Grumpy
Attention: Support and help on the Untangle Forums is provided by
volunteers and community members like yourself.
If you need Untangle support please call or email support@untangle.com
Rob Sandling, BS:SWE, MCP
NexgenAppliances.com
Phone: 866-794-8879 x201
Email: support@nexgenappliances.com
Especially when there are requests with hundreds of votes and no response other than the default "under consideration".
https://untanglengfirewall.featureupvote.com/
And the effect of admin on any alias can be had with a port forward rule...
I guess now the inverse is true, move your service port then make a port forward rule for TCP 443 traffic on whatever IP you want admin to work on to 192.0.2.200 but... come on.
You make the weirdos do the weird configuration, not make everyone else jump through hoops because you want to steal a common service port. This is something you fix with a tech talk, or a white paper, not a fundamental feature shift.
Last edited by sky-knight; 11-05-2020 at 06:05 PM.
Rob Sandling, BS:SWE, MCP
NexgenAppliances.com
Phone: 866-794-8879 x201
Email: support@nexgenappliances.com
100% agreed... suddenly changing a well understood feature that's worked the same way for a decade or longer just because somebody asked for something weird is just strange.
This all tells me that whoever decided on this feature change either really didn't stop and think it through, or genuinely doesn't understand how this sort of thing should work
I'm sooooo glad I stumbled onto this thread.
Last edited by jlficken; 11-06-2020 at 02:57 PM.
I've been thinking about this more, and I've come to believe what should really be happening here is that, yes, the admin UI really should respond on any alias... at least by default.
However, the way it's implemented should be different. I want to think of the change conceptually as an invisible port forward rule for each interface (that we can enable/disable with a checkbox, possibly in the per-interface configuration rather than all at once). These rules should logically come after all our other port forward rules. This way we'll see Untangle if we don't have any other 443 forwards defined on the interface. But if we do have a conflicting port forward rule it will take precedence and we see the thing we asked for.
In other words, the problem we have right now is it's as if the Untangle port forward rules come first in the list. It's not that we don't want those rules; it's that we want to come after the ones we define ourselves.
There might also need to be some additional protection, to make sure the admin UI remains available somewhere and help keep a clueless administrator from accidentally doing something silly and locking himself out.
Last edited by jcoehoorn; 11-12-2020 at 01:09 PM.
Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 15.1.0 to protect 500Mbits for ~450 residential college students and associated staff and faculty